<?php  
/* OpenBIBLIO -- A library administration web interface
 * Copyright (C) 2002-2005 Fr&eacute;d&eacute;ric Descamps <lefred@tiscali.be>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

// Open (or resume) the session: the paging code further down keeps the last
// executed search in $_SESSION['requete_tosave'].
session_start();

// Project includes. NOTE(review): presumably db.inc supplies the biblio_db_*()
// wrappers and functions.inc the helpers (return_isbn, put_log,
// get_max_record) used below - confirm against those files.
include_once 'includes/db.inc';
include_once 'includes/functions.inc';

// Page heading; set before the header template is pulled in.
// NOTE(review): presumably header.inc reads $title - confirm.
$title = '<H1>Recherche</H1>';
include_once 'includes/header.inc';

?>
<br>
<CENTER>
  <FORM action=search.php METHOD=POST>
  <TABLE id=tabsearch>
    <TR>
	<TD colspan=2>
	    <?php echo _("Titre"); ?>&nbsp;:
	    <INPUT TYPE="text" NAME="liv_nom" size=25" >
        </TD>
	<TD>
	   <?php echo _("Auteur"); ?>&nbsp;:
	   <INPUT TYPE="text" NAME="liv_auteur" size=15" >
        </TD>
    </tr>
    <tr>
        <TD>
	   <?php echo _("ISBN"); ?>&nbsp;:
	   <INPUT TYPE="text" NAME="liv_ISBN" size=15" >
        </TD>
	<TD>
	   <?php echo _("Edition"); ?>&nbsp;:
	   <INPUT TYPE="text" NAME="liv_ed" size=15" >
        </TD>
        <TD>
	   <?php echo _("Collection"); ?>&nbsp;:
	   <INPUT TYPE="text" NAME="liv_col" size=15" >
        </TD>
    </TR>
    <TR>
        <TD>
	   <?php echo _("Genre"); ?>&nbsp;:
	   <select NAME = "liv_genre">
           <option VALUE="">
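           <?php
           // Label of the empty <option> opened just above.
           echo _("[non sp&eacute;cifi&eacute;]");

           // Constant query: no request data is interpolated into it.
           $requete = "SELECT * FROM genres order by genre";
           if (!($resultat = biblio_db_query($requete))) {
               // Escape the driver message so it cannot inject markup.
               // NOTE(review): showing raw DB errors to visitors leaks schema
               // details; consider logging them server-side instead.
               print _("PROBLEME : ")
                   . htmlspecialchars((string) biblio_db_error(), ENT_QUOTES, 'ISO-8859-1', false)
                   . "<br>$requete";
           } else {
               while ($row = biblio_db_fetch_array($resultat)) {
                   // Stored values are data, not markup: escape them for the
                   // attribute and text contexts. 'ISO-8859-1' keeps the call
                   // byte-transparent (only & < > " ' are rewritten, so Latin-1
                   // and UTF-8 rows both survive); the final `false` leaves
                   // entities already stored in the table untouched.
                   $genre_id = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'ISO-8859-1', false);
                   $genre_l = htmlspecialchars((string) $row['genre'], ENT_QUOTES, 'ISO-8859-1', false);
                   print "<option VALUE=\"$genre_id\">$genre_l";
               }
           }
           ?>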
           </select>
        </TD>
        <TD>
	   <?php echo _("Etat"); ?>&nbsp;:
	   <select NAME = "liv_etat">
           <option VALUE="">
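           <?php
           // Label of the empty <option> opened just above.
           echo _("[non sp&eacute;cifi&eacute;]");

           // Constant query: no request data is interpolated into it.
           $requete = "SELECT * FROM etats order by etat";
           if (!($resultat = biblio_db_query($requete))) {
               // Escape the driver message so it cannot inject markup.
               // NOTE(review): showing raw DB errors to visitors leaks schema
               // details; consider logging them server-side instead.
               print _("PROBLEME : ")
                   . htmlspecialchars((string) biblio_db_error(), ENT_QUOTES, 'ISO-8859-1', false);
           } else {
               while ($row = biblio_db_fetch_array($resultat)) {
                   // Stored values are data, not markup: escape them for the
                   // attribute and text contexts. 'ISO-8859-1' keeps the call
                   // byte-transparent (only & < > " ' are rewritten); the final
                   // `false` leaves entities already stored in the table untouched.
                   $etat_id = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'ISO-8859-1', false);
                   $etat_l = htmlspecialchars((string) $row['etat'], ENT_QUOTES, 'ISO-8859-1', false);
                   print "<option VALUE=\"$etat_id\">$etat_l";
               }
           }
           ?>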
           </select>
        </TD>
        <TD>
	   <?php echo _("Location"); ?>&nbsp;:
	   <select NAME = "liv_location">
           <option VALUE="">
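           <?php
           // Label of the empty <option> opened just above.
           echo _("[non sp&eacute;cifi&eacute;]");

           // Constant query: no request data is interpolated into it.
           $requete = "SELECT * FROM locations order by local";
           if (!($resultat = biblio_db_query($requete))) {
               // Escape the driver message so it cannot inject markup.
               // NOTE(review): showing raw DB errors to visitors leaks schema
               // details; consider logging them server-side instead.
               print _("PROBLEME : ")
                   . htmlspecialchars((string) biblio_db_error(), ENT_QUOTES, 'ISO-8859-1', false);
           } else {
               while ($row = biblio_db_fetch_array($resultat)) {
                   // Stored values are data, not markup: escape them for the
                   // attribute and text contexts. 'ISO-8859-1' keeps the call
                   // byte-transparent (only & < > " ' are rewritten); the final
                   // `false` leaves entities already stored in the table untouched.
                   $local_id = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'ISO-8859-1', false);
                   $local_l = htmlspecialchars((string) $row['local'], ENT_QUOTES, 'ISO-8859-1', false);
                   $biblio_l = htmlspecialchars((string) $row['biblio'], ENT_QUOTES, 'ISO-8859-1', false);
                   $rangee_l = htmlspecialchars((string) $row['rangee'], ENT_QUOTES, 'ISO-8859-1', false);
                   // The literal "-->" separators are written as entities so the
                   // emitted markup stays well-formed; the visible text is unchanged.
                   print "<option VALUE=\"$local_id\">$local_l --&gt; $biblio_l --&gt; $rangee_l";
               }
           }
           ?>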
           </select>
        </TD>
    <TR>
	<TD COLSPAN=2>
	   <?php echo _("Mots Clefs"); ?>&nbsp;:
	   <INPUT TYPE="text" NAME="liv_motclefs" size=35" >
        </TD>
	<TD COLSPAN=2>
	   <?php echo _("Resum&eacute;"); ?>&nbsp;:
	   <INPUT TYPE="text" NAME="liv_resume" size=35" >
        </TD>
 </TABLE>
 <br>
 <input type="Submit" name="submit" value="<?php echo _("Rechercher"); ?>">
 </FORM>
 </CENTER><HR>
 <?php
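  // Build the WHERE fragment of the book search from the submitted form.
  // Every criterion is appended as " and <condition>"; the code that runs the
  // query strips the first " and". $rech stays empty when nothing was entered.

  // A new form submission discards the query remembered for paging.
  if (isset($_POST['submit'])) unset($_SESSION['requete_tosave']);

  // Start from a known-empty clause so that nothing defined before this point
  // (for instance through register_globals on an old PHP setup) ends up in the SQL.
  $rech = '';

  // PHP < 5.4 could add backslashes to request data on its own
  // (magic_quotes_gpc). Undo that first so each value is escaped exactly once.
  $gpc_quoted = version_compare(PHP_VERSION, '5.4.0', '<')
      && function_exists('get_magic_quotes_gpc')
      && get_magic_quotes_gpc();

  // Normalise the inputs: missing fields and non-string values (liv_nom[]=...)
  // are treated as empty instead of being interpolated as "Array".
  $saisie = array();
  foreach (array('liv_ISBN', 'liv_nom', 'liv_auteur', 'liv_ed', 'liv_col',
                 'liv_location', 'liv_etat', 'liv_genre',
                 'liv_motclefs', 'liv_resume') as $champ) {
      $valeur = (isset($_POST[$champ]) && is_string($_POST[$champ])) ? $_POST[$champ] : '';
      $saisie[$champ] = $gpc_quoted ? stripslashes($valeur) : $valeur;
  }

  // NOTE(review): addslashes() below is a stopgap. It makes explicit the
  // backslash escaping this page previously only got when magic_quotes_gpc was
  // on, but it is charset-sensitive and assumes a SQL dialect that honours
  // backslash escapes. The escaping or bound-parameter facility of the DB
  // layer (includes/db.inc, not visible from this file) should replace it.

  // ISBN goes through the project's normaliser before being matched.
  if ($saisie['liv_ISBN']) {
      $rech .= " and ISBN like '%" . addslashes((string) return_isbn($saisie['liv_ISBN'])) . "%'";
  }

  // Free-text columns: substring match on the escaped value.
  foreach (array('liv_nom' => 'nom',
                 'liv_auteur' => 'auteur',
                 'liv_ed' => 'edition',
                 'liv_col' => 'collection') as $champ => $colonne) {
      if ($saisie[$champ]) {
          $rech .= " and $colonne like '%" . addslashes($saisie[$champ]) . "%'";
      }
  }

  // Foreign-key filters are placed in the SQL without quotes, so they must be
  // integers: anything that is not a positive number is ignored.
  foreach (array('liv_location' => 'location_ID',
                 'liv_etat' => 'etat_ID',
                 'liv_genre' => 'genre_ID') as $champ => $colonne) {
      $id_filtre = (int) $saisie[$champ];
      if ($id_filtre > 0) {
          $rech .= " and $colonne = $id_filtre";
      }
  }

  // Keyword columns: every space-separated word must appear in the column.
  // The summary ("resume") branch used to run its replacements on $rech
  // instead of its own working string, which duplicated the previous criteria
  // and produced invalid SQL; both columns now share one code path.
  // explode() keeps empty pieces, so repeated spaces still yield a
  // "like '%%'" clause as the keyword branch always did.
  foreach (array('liv_motclefs' => 'motclefs',
                 'liv_resume' => 'resume') as $champ => $colonne) {
      if (!$saisie[$champ]) continue;
      $clauses = array();
      foreach (explode(' ', $saisie[$champ]) as $mot) {
          $clauses[] = "$colonne like '%" . addslashes($mot) . "%'";
      }
      $rech .= ' and ' . implode(' and ', $clauses);
  }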
  
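  // Run the search (either the criteria just built in $rech or the query
  // remembered in the session for paging) and render one page of results.
  if (!empty($rech) || !empty($_SESSION['requete_tosave']))
  {
        if (!empty($_SESSION['requete_tosave'])) {
          // Paging: re-run the query stored by a previous request.
          // The stored text is executed as-is. It used to have every backslash
          // removed first, which turned an escaped quote (\') inside a search
          // term back into a bare quote on replay.
          // NOTE(review): confirm no other page stores queries here in a
          // form that relied on that stripping.
          $requete_tosave = $_SESSION['requete_tosave'];

          // Defence in depth: only a single SELECT statement may be replayed.
          // This rejects everything the previous checks rejected (leading
          // whitespace, update/delete/drop, any ';') and is not case-sensitive.
          // It is not a substitute for storing criteria instead of SQL text.
          if (!is_string($requete_tosave)
              || !preg_match('/^select\s/i', $requete_tosave)
              || strpos($requete_tosave, ';') !== false) {
              exit;
          }
        }
        else {
          $rech = substr($rech, 4); // we remove the first " and"
          $requete_tosave = "select * from livres where " . $rech ."  order by nom";
          put_log(1,$requete_tosave,$user);
        }

        if (!($resultat = biblio_db_query($requete_tosave)))
        {
            // The query text contains what the visitor typed, so it is escaped
            // before being echoed back.
            // NOTE(review): showing the SQL and the driver error to visitors
            // leaks schema details; consider logging them server-side instead.
            print "PROBLEME : "
                . htmlspecialchars((string) biblio_db_error(), ENT_QUOTES, 'ISO-8859-1', false)
                . "<br>"
                . htmlspecialchars($requete_tosave, ENT_QUOTES, 'ISO-8859-1', false);
        }
        else
        {
            $nb_trouves = biblio_db_num_rows($resultat);

            echo "<CENTER>";
            echo _("Nombre d'enregistrement(s) trouv&eacute;(s) : ") . $nb_trouves;
            echo "<br><br>";

            // Column headings, in display order.
            $entetes = array(
                _("Titre"), _("Auteur"), _("Genre"), _("Coll."), _("Edition"),
                _("Etat"), _("ISBN"), _("Pr&ecirc;t&eacute; &agrave;"), _("Action"),
            );
            echo "<TABLE><TR><th width=20%>" . implode("</th><th>", $entetes) . "</th></tr>";

            // Paging window: page size from the project helper, first record
            // from ?start= (forced to an integer >= 1).
            $rec_bypage = get_max_record();
            $rec_start = isset($_GET['start']) ? max(1, (int) $_GET['start']) : 1;

            $i = 0;
            $lignes_affichees = 0;
            while ($row = biblio_db_fetch_array($resultat))
            {
                $i++;
                // Decide whether the row is on the requested page before doing
                // any per-row lookup.
                if ($i > $rec_bypage + ($rec_start - 1)) break;
                if ($i < $rec_start) continue;

                if ($i % 2 == 1) { $col = "#DFE3EF"; }
                else { $col = "lightyellow"; }

                $liv_id = (int) $row['id'];

                // Resolve the genre and condition labels. Both start empty for
                // each row so a failed lookup cannot show the previous row's value.
                $genre = '';
                $requete = "select * from genres where id=" . (int) $row['genre_ID'];
                if ($resultat2 = biblio_db_query($requete)) {
                    while ($row2 = biblio_db_fetch_array($resultat2)) {
                        $genre = $row2['genre'];
                    }
                }
                $etat = '';
                $requete = "select * from etats where id=" . (int) $row['etat_ID'];
                if ($resultat2 = biblio_db_query($requete)) {
                    while ($row2 = biblio_db_fetch_array($resultat2)) {
                        $etat = $row2['etat'];
                    }
                }

                // Stored values are data, not markup. 'ISO-8859-1' keeps
                // htmlspecialchars byte-transparent (only & < > " ' change) and
                // the final `false` leaves entities already stored untouched.
                $cellules = array(
                    $row['nom'], $row['auteur'], $genre, $row['collection'],
                    $row['edition'], $etat, $row['ISBN'],
                );
                echo "\n<TR bgcolor=$col>";
                foreach ($cellules as $cellule) {
                    echo "<TD>" . htmlspecialchars((string) $cellule, ENT_QUOTES, 'ISO-8859-1', false) . "</TD>";
                }

                if ($row['del'] == 1) {
                    echo "<TD><small>" . _("Plus disponible!") ."</small></TD>";
                }
                else
                {
                    // Current borrower, if the book is out (loan not yet returned).
                    $el_prenom = "";
                    $el_nom = "";
                    $requete = "select  t2.nom nom_el, t2.prenom  from livres as t1 inner join prets as t3 on t3.livre_id = t1.id inner join eleves as t2 on t2.id = t3.eleve_id where t3.livre_id = $liv_id  and date_int is NULL order by t1.nom";
                    if ($resultat2 = biblio_db_query($requete)) {
                        while ($row2 = biblio_db_fetch_array($resultat2)) {
                            $el_nom = $row2['nom_el'];
                            $el_prenom = $row2['prenom'];
                        }
                    }
                    echo "<TD>"
                        . htmlspecialchars((string) $el_prenom, ENT_QUOTES, 'ISO-8859-1', false)
                        . " "
                        . htmlspecialchars((string) $el_nom, ENT_QUOTES, 'ISO-8859-1', false)
                        . "</TD>";
                }
                echo "<TD><A HREF=\"resume.php?id=$liv_id\">voir r&eacute;sum&eacute;</A></TD>";
                $lignes_affichees++;
            }

            // Remember the query for the paging links, as before only when at
            // least one row was shown.
            if ($lignes_affichees > 0) {
                $_SESSION['requete_tosave'] = $requete_tosave;
            }

            echo "</TABLE><br>";
            if ($rec_bypage > 0 && $nb_trouves > 0)
            {
                echo "Page : ";
                $nb_pages = ceil($nb_trouves / $rec_bypage);
                for ($j = 0; $j < $nb_pages; $j++)
                {
                    $todisp = ($j * $rec_bypage) + 1;
                    echo "&nbsp;";
                    // The current page is shown between > and <.
                    if ($todisp == $rec_start) echo "&gt;";
                    echo "<a href=\"search.php?start=$todisp\">";
                    echo $j + 1;
                    echo "</a>";
                    if ($todisp == $rec_start) echo "&lt;";
                }
            }
            echo "</CENTER>";
        }
  }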
?>
<br><br>
<div>
<span id=left-text>
<A HREF="index.php">
<?php echo _("retour menu principal"); ?>
</A></span>
</div>
<br>
<?php
// Close the page with the shared footer template.
include 'includes/footer.inc';
?>
